v0.4.1

@debu-sinha debu-sinha released this 17 Feb 00:50
· 90 commits to main since this release

agentsec v0.4.1

Security scanner and hardener for agentic AI installations, with reproducible evidence artifacts and OWASP Agentic Top 10 mapping.

Highlights

  • Four scanner modules: installation, skill, mcp, credential
  • Pre-install package gate for npm/pip workflows
  • Hardening profiles: workstation, vps, public-bot
  • OWASP ASI01-ASI10 posture scoring (0-100 score plus an A-F grade)
  • SARIF/JSON output for CI and security tooling
  • Weekly MCP ecosystem dashboard in-repo

What’s New Since v0.4.0

  • Launch-hardening and documentation accuracy pass
  • Improved README flow with real demo screenshots
  • CLI reference expansion and command clarity improvements
  • Consistency fixes across benchmark/case-study evidence and docs
  • Dashboard improvements and disclaimer update
  • False-positive reduction for non-OpenClaw targets (CEX-001 scope fix)

Reproducibility and Evidence

  • Fixture benchmark:
    • docs/benchmarks/results/2026-02-15-v0.4.0.json
    • docs/benchmarks/results/2026-02-15-v0.4.0.md
  • Case study artifacts:
    • docs/case-studies/artifacts/
  • Top-50 MCP study:
    • docs/benchmarks/2026-02-top50-mcp-security-study.md
    • docs/benchmarks/top50/README.md
  • Evidence manifest:
    • docs/launch/LAUNCH_EVIDENCE_MANIFEST.md
    • docs/launch/REPRODUCIBILITY_SPEC.md

Install

pip install agentsec-ai

Quick Start

agentsec scan
agentsec harden -p workstation --apply
agentsec gate npm install some-package

CI Integration

Use the included action definition in:

  • action.yml

Validation Snapshot

  • ruff check src tests scripts: pass
  • pytest: 206 passed, 1 skipped
  • python scripts/repo_consistency_audit.py: pass

Notes

  • The screenshot/demo environment is intentionally insecure, so that the scanner's detection and hardening behavior can be shown on real findings.
  • Benchmark artifact filenames retain historical naming where noted; metadata reflects refreshed evidence runs.

Links

  • README: README.md
  • CLI reference: docs/cli-reference.md
  • Security policy: SECURITY.md
  • Contributing: CONTRIBUTING.md